# 允许携带cookies
CORS_ALLOW_CREDENTIALS = True


# 允许所有域名跨域,[有这个，就无需配置白名单]
CORS_ORIGIN_ALLOW_ALL = True


# 跨域允许的请求
CORS_ALLOW_METHODS = (
    "DELETE",
    "GET",
    "OPTIONS",
    "PATCH",
    "POST",
    "PUT",
    "VIEW",
)


# 跨域时，允许在请求头中携带的参数字段
CORS_ALLOW_HEADERS = (
    "accept",
    "accept-encoding",
    "authorization",
    "content-type",
    "dnt",
    "origin",
    "user-agent",
    "x-csrftoken",
    "x-requested-with",
    # 配置允许自定义的参数在请求头中，如token数据
    "token",
)


"""
#1、注册应用
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'corsheaders', #放在新建的其他项目之前
]


#2、中间件
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware', #【2-1,配置drf的跨域】注意顺序
    'django.middleware.common.CommonMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware', #【2-2,注销django】
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

3、用法：settings.py中
# 跨域配置
from base_config.cors_config import (
    CORS_ALLOW_CREDENTIALS,
    CORS_ORIGIN_ALLOW_ALL,
    CORS_ALLOW_METHODS,
    CORS_ALLOW_HEADERS, )

CORS_ALLOW_CREDENTIALS = CORS_ALLOW_CREDENTIALS
# 允许所有域名跨域,[有这个，就无需配置白名单]
CORS_ORIGIN_ALLOW_ALL = CORS_ORIGIN_ALLOW_ALL
# 跨域允许的请求
CORS_ALLOW_METHODS = CORS_ALLOW_METHODS
# 跨域时，允许在请求头中携带的参数字段
CORS_ALLOW_HEADERS = CORS_ALLOW_HEADERS
"""
